MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3d818dabca9956696c7942d76c16c88ece6b74bd8c479ad4b5de31109e85c237. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DanaBot


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3d818dabca9956696c7942d76c16c88ece6b74bd8c479ad4b5de31109e85c237
SHA3-384 hash: bda355ca0c0383f0fda5d18a902db77207057b358aa4930431ea89eff05f6371c9e96423236d498270ba11c817ed9288
SHA1 hash: c4fdd40ea7a9a35e8dbe2aacfaf1f3c872e8d690
MD5 hash: 1f57b1bf29591b6cd4a7acdae635ff66
humanhash: winner-romeo-utah-one
File name:1f57b1bf29591b6cd4a7acdae635ff66.exe
Download: download sample
Signature DanaBot
Create hunting rule
File size:1'231'360 bytes
First seen:2021-07-27 15:37:26 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ca59243ab9216853b8ca72d3a7c666db (1 x DanaBot)
ssdeep 24576:SYOc4MasBAgN45LhIUEekqTCv3OWeUH4SA7rKBwG+qS6Qig/cwid3Ut:STg8hIek9v0UHrq+BqqS6qihU
Threatray 2'961 similar samples on MalwareBazaar
TLSH T131451220BAA1C430E6B316F848B69378793E7DB19B3090CFA2E12AEE56741D4DC31757
dhash icon ead8ac9cc6e68ea0 (38 x RaccoonStealer, 18 x RedLineStealer, 12 x Smoke Loader)
Reporter abuse_ch
Tags:DanaBot exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
183
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
x86_x64_setup.bin
Verdict:
Malicious activity
Analysis date:
2021-07-26 08:46:03 UTC
Tags:
evasion trojan rat redline phishing stealer vidar loader
Link:
https://app.any.run/tasks/aae79fd7-6115-490a-82b5-e69f179899bf

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/174412/
Detection(s):
Win.Packed.Generic-9881388-0
Create hunting rule

Win.Packed.Generic-9881403-0
Create hunting rule

Win.Packed.Raccoon-9881528-0
Create hunting rule

Win.Packed.Raccoon-9881377-1
Create hunting rule

Win.Malware.Generic-9881647-0
Create hunting rule

Win.Packed.Mokes-9881739-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a custom TCP request
Sending a UDP request
Creating a file
Enabling the 'hidden' option for recently created files
Launching a process
Creating a process with a hidden window
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/6af60a5a-3c00-4295-908f-1fd00be29ed2
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/822600
Signature
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Behaviour
Behavior Graph:
Download SVG
Gathering data
Threat name:
Win32.Trojan.Hynamer
Create hunting rule
Status:
Malicious
First seen:
2021-07-26 18:05:45 UTC
AV detection:
21 of 28 (75.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hway3k6ktflgs3dzillwyfwir3hgw5f5rrdzvvfv3yyrbhufyi3q._file
Verdict:
unknown
Similar samples:
173240b443fdb5cc7ed97cf6eedeb0d823924df3dab6d468c9da2898443f3ac6
DanaBot
1b6893887051e9bb3155b6a817e71e499dcb5959369391a42b772c0fa75e55fd
DanaBot
2fbf6c5454bb88073ecbc13b293375ec58a9f8636c188881ffd7a3573f3c1cac
DanaBot
69fac4fe77b6da550498724f01e6db66d5c18a19c185d824bf62afdaccb0a7d6
DanaBot
8f71fca5621ccb7ba3558cfebc17014d27923d1c73ad97ececb577fd5b937047
DanaBot
8fa3eaa46c7d8d1f44a2eeca895f802f2aa7a2251bab347ccb765c72d63ccb58
DanaBot
9610051a347d56ae5d91e3a3c471a2d90b5a4e02b2aa714f931d4cbe164eb42c
DanaBot
dab48eb20191f37e19aed12dc58640ab40957cec26dc3fa63a88f70decbd875c
DanaBot
f8c983fce1af5b6e17289a88d19a70fb5a67c6bc32d7aa4f3bc3ce1ffcddc282
DanaBot
+ 2'951 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210727-dby62n17ps/
Behaviour
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Loads dropped DLL
Blocklisted process makes network request
Unpacked files
SH256 hash:
604dce77259862fab9ef6a93b9c0eb1992821967b98d7ab1f0d141593025e16c
MD5 hash:
4aa41aaf04e35d03f880708db1cd5407
SHA1 hash:
28594223d6718c61918f0f667cb6a70add3906e4
Link:
https://www.unpac.me/results/998c7301-727d-49fc-b58d-5d64b39fc147/
SH256 hash:
1257057338fb37c30807c04989c0ce09b11fe7537a8bf214b3f42d8cdbaf9700
MD5 hash:
458ab1ace949453e5078ecc5793ee5e4
SHA1 hash:
8716f43c864814b865171ff3416b55974c744063
Link:
https://www.unpac.me/results/998c7301-727d-49fc-b58d-5d64b39fc147/
SH256 hash:
3d818dabca9956696c7942d76c16c88ece6b74bd8c479ad4b5de31109e85c237
MD5 hash:
1f57b1bf29591b6cd4a7acdae635ff66
SHA1 hash:
c4fdd40ea7a9a35e8dbe2aacfaf1f3c872e8d690
Link:
https://www.unpac.me/results/998c7301-727d-49fc-b58d-5d64b39fc147/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3d818dabca9956696c7942d76c16c88ece6b74bd8c479ad4b5de31109e85c237

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DanaBot

Executable exe 3d818dabca9956696c7942d76c16c88ece6b74bd8c479ad4b5de31109e85c237

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1467030/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1461110/
Cape
Cape
https://www.capesandbox.com/analysis/174412/

Comments